IRIX midikeys vulnerability list.

From: Larry W. Cashdollar (lwcashdat_private)
Date: Fri May 21 1999 - 07:56:33 PDT

Next message: Björn Torkelsson: "Re: IRIX midikeys root exploit."

Previous message: Lance James: "IRIX ftpd overflow"
Next in thread: Aleph One: "Re: IRIX midikeys vulnerability list."
Reply: Aleph One: "Re: IRIX midikeys vulnerability list."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I am attempting to compile a list of vulnerable systems for this exploit.  I would like
to provide as much information to SGI as possible. Here is what I have found so
far.

Erik Mouw  Email J.A.K.Mouwat_private   |
---------------------------------------------|
Verified to work on an O2 running IRIX 6.3:  |
  uname -aR
  IRIX o2 6.3 O2 R10000 12161207 IP32

And on an Octane running IRIX 6.5.3:
  uname -aR
  IRIX64 octane 6.5 6.5.3m 01221553 IP30

Larry W. Cashdollar	lwcashdat_private	      |	
----------------------------------------------|
Verified on an ONYX/2 running IRIX 6.5.
  uname -aR
  IRIX64 onyx 6.5 05190003 IP27

Verified on an Indigo running IRIX 6.5.      			
  uname -aR
  IRIX64 flier 6.5 05190004 IP28

I was unable to test this on our IRIX 6.2 box.
/usr/sbin/midikeys does exist and it is setuid
root however.

Anthony C . Zboralski aczat_private            |
----------------------------------------------|			   	
It works on latest 6.5.4 maintenance release: |
IRIX ra 6.5 04151556 IP32 mips



Larry W. Cashdollar

Unix Administrator
Computer Security Operations

Next message: Björn Torkelsson: "Re: IRIX midikeys root exploit."
Previous message: Lance James: "IRIX ftpd overflow"
Next in thread: Aleph One: "Re: IRIX midikeys vulnerability list."
Reply: Aleph One: "Re: IRIX midikeys vulnerability list."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:22 PDT